Google Toolbar: Beware of Buttons

The Google Toolbar has found yet another use: as a possible malware vector. Researcher Aviv Raff has released proof-of-concept (PoC) code that demonstrates how an attacker may install malicious software or conduct phishing attacks by prompting the user to install a new Google Toolbar button.

Affected Google toolbar versions are as follows:

Google Toolbar 5 beta for Internet Explorer

Google Toolbar 4 for Internet Explorer

Google Toolbar 4 for Firefox (partially)

The code uses a specially crafted link that refers to the button’s XML file. When clicked, the link displays a dialog box summarizing the details of the button to be installed, including the URL from which the button is to be downloaded. Through manipulation, however, a malicious author could make that URL appear non-malicious by adding special redirector strings, which further increases the user’s trust in the button to be installed. If the button does get installed, the user must manually click on it to execute it, which in turn may run an installation script (which the user must approve to install) or display a fake log-in console (for phishing purposes).
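A defensive check for the redirector trick described above, as an added example that is not part of Raff's PoC or Google's code: it lists hosts hidden in a link's redirect parameters that differ from the host a confirmation dialog would display. It assumes the redirector carries its target as a URL in a query parameter or fragment; the `.example` URL, function names and limits are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DEPTH = 4   # assumed bound on nested redirector hops
MAX_DECODE = 3  # assumed bound on repeated percent-decoding

def _decode(value):
    """Percent-decode repeatedly so double-encoded targets are still seen."""
    for _ in range(MAX_DECODE):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()

def embedded_urls(url):
    """Return absolute http(s) URLs carried in the query string or fragment."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(parts.fragment)
    found = []
    for value in map(_decode, values):
        if value.startswith("//"):  # scheme-relative target
            value = f"{parts.scheme}:{value}"
        try:
            inner = urlsplit(value)
        except ValueError:  # malformed embedded value, not a usable URL
            continue
        if inner.scheme in ("http", "https") and inner.hostname:
            found.append(value)
    return found

def foreign_hosts(url, _depth=0, _origin=None):
    """Hosts reachable through embedded redirect targets that differ from
    the host a confirmation dialog would display for `url`."""
    origin = _origin or urlsplit(url).hostname
    hosts = set()
    if _depth >= MAX_DEPTH:
        return hosts
    for inner in embedded_urls(url):
        host = urlsplit(inner).hostname
        if host != origin:
            hosts.add(host)
        hosts |= foreign_hosts(inner, _depth + 1, origin)
    return hosts

# Constructed sample link: displayed host is trusted.example, real target is not.
SAMPLE = "https://trusted.example/redirect?url=http%3A%2F%2Funrelated.example%2Fbutton.xml"
if __name__ == "__main__":
    print(sorted(foreign_hosts(SAMPLE)))
```

A non-empty result means the link should be shown to the user with the final host, or rejected, rather than trusted on the strength of the displayed one.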

However, Google classifies the PoC as non-critical, due to the multitude of steps involved before a user does get infected. Nevertheless, the search giant has confirmed that it is currently looking for a fix to remedy the bug.

Google actually encourages the creation of custom buttons for its toolbar, and outlines the ease of creating one on its Web site, complete with API documentation. This ease-of-creation feature, coupled with Google’s large fanbase, opens up plenty of possibilities for its users, malware authors included.

In the meantime, users of Google Toolbar are advised to refrain from adding new buttons.
